The Fifth U.S. Circuit Court of Appeals ruled that an insurance company must defend Landry’s, the Houston-based restaurant chain, in litigation stemming from a data breach that resulted in personal information being skimmed from millions of customers’ credit cards.
The appellate court, in an opinion issued Thursday, overturned a federal district court ruling dismissing all claims by Landry’s against its insurer, the Insurance Company of the State of Pennsylvania (ICSOP).
Landry’s had argued that ICSOP was bound to defend it in a lawsuit stemming from a cybersecurity breach at 14 Landry’s locations from May 2014 to December 2015. A program installed without authorization on payment-processing devices of Landry’s resulted, according to the appellate ruling, in the retrieval of “data from credit cards’ magnetic strips… including the cardholder’s name, card number, expiration date, and internal verification code.” The appellate ruling added, “At least some of that credit-card information was used to make unauthorized charges.”
Landry’s was sued by a third-party vendor, Paymentech, a branch of JPMorgan Chase Bank, which processes Visa and MasterCard payments to merchants. Paymentech, according to the appellate order, argued that “Landry’s was on the hook for the losses assessed by Visa and MasterCard” as a result of the security breach. ICSOP argued that it was not bound to defend Landry’s in that litigation. The Fifth Circuit Court disagreed and remanded the matter to the district court for resolution.
Laura Foggan, a partner in the Washington office of Crowell & Moring representing ICSOP, declined to comment on the appellate court’s ruling.
Andrew Guthrie, a partner with Haynes and Boone in Dallas who represents Landry’s, could not be reached for comment.